Quantstamp Audits Curve Finance Liquidity Mining

August 18, 2020
Quantstamp Announcements

Quantstamp is happy to announce that we have finished our audit of Curve Finance’s CRV token reward mechanism and CurveDAO. 

Curve Finance is an Automated Market Maker focused on stable asset swaps. Using bonding curves optimized for stable-assets, it minimizes slippage for stablecoin and other stable-pair trades. 

“Curve Finance is a cutting edge decentralized exchange that is also exploring the cutting edge of decentralized governance,” noted Richard Ma, CEO of Quantstamp. “We are excited to help them make sure CurveDAO is secure and ready to take them to the next stage.“ 

“With CRV, we are doing governance token distribution, staking and voting in a new way,” said Michael Egorov, founder of Curve Finance. “Quantstamp worked closely with us to help make sure this new design will work in the field.”

Curve Finance

Launched in January, 2020, Curve’s user adoption has been steady. It currently has over $1B in deposits and processes over $60M of daily volume*.

Users can conduct low-slippage trades on Curve Finance, or provide liquidity to the platform for a portion of trading fees. Through integration with third party DeFi projects such as Yearn Finance, Compound, and Synthetix, liquidity providers also earn extra yield on top of trading fees. This yield comes from lending platform fees and token incentives. 

Liquidity providers can now also claim CRV, the native governance token. 

What is CRV?

CRV is a governance token for CurveDAO, an Aragon DAO that governs the Curve Finance platform. 

Unlike standard on-chain governance systems, Curve’s voting mechanism weights both time and amount staked. Users who lock up their CRV tokens longer have their vote counted more, and so do users who lock up more tokens.

Besides increased voting power, users who lock up their CRV and vote also increase their CRV reward distribution. This incentivizes governance participation.

If you wish to learn how to provide liquidity on Curve to earn CRV, or learn more about the CRV token, the Curve blog has more details. 

CRV Distribution

Curve’s CRV token has a total supply of 3.03 billion, with 62% being distributed through liquidity mining. Users who provide liquidity on Curve Finance will earn a share of these rewards. 

5% of the initial distribution will go to users who have already supplied liquidity on Curve prior to CRV’s launch. The remaining 57% will be distributed going forward. Distribution is decided through the user’s share of the liquidity on Curve, as well as their participation in CurveDAO governance. Curve’s Medium Article has more details on the distribution, staking and voting mechanics of CRV. 

Quantstamp’s audit covered the Vyper smart contracts controlling the token reward mechanism as well as the controller logic used to distribute the tokens. Three engineers, including two PhDs, looked at four Vyper smart contracts: LiquidityGauge, GaugeController, LiquidityGaugeReward, and VestingEscrow from 7-21-2020 through 8-05-2020. Issues found were communicated to Curve, fixes were implemented by them, and we issued the final report 

During the audit, a total of 11 potential issues with varying levels of severity were found: one high-severity, one medium-severity, one low-severity, one undetermined-severity, and seven informational-level findings. Additionally, several best practices recommendations were also made regarding naming, documentation, and other suggestions. Several of the issues, including all high risk issues, were addressed by the Curve team. 

The full audit report can be found on the CurveDAO site here.

*as of August 18th, 2020, according to Curve.fi statistics

About Curve

Curve is an exchange liquidity pool on Ethereum designed for extremely efficient stablecoin trading, and low risk, supplemental fee income for liquidity providers, without opportunity cost.

Curve allows users and smart contracts like 1inch, ParaSwap, Totle and DEX.AG to trade between DAI and USDC with a bespoke low slippage, low fee algorithm designed specifically for stablecoins and earn fees. Behind the scenes, the liquidity pool is also supplied to the Compound protocol or yearn.finance where it generates even more income for liquidity providers.

About Quantstamp

Quantstamp is a leader in blockchain security, having performed over 140 audits and secured over $5 billion of value. Top crypto and enterprise companies including MakerDAO, Chainlink, eToro, and World Economic Forum choose Quantstamp to secure their blockchain applications. 

Quantstamp Announcements
August 18, 2020

Quantstamp is happy to announce that we have finished our audit of Curve Finance’s CRV token reward mechanism and CurveDAO. 

Curve Finance is an Automated Market Maker focused on stable asset swaps. Using bonding curves optimized for stable-assets, it minimizes slippage for stablecoin and other stable-pair trades. 

“Curve Finance is a cutting edge decentralized exchange that is also exploring the cutting edge of decentralized governance,” noted Richard Ma, CEO of Quantstamp. “We are excited to help them make sure CurveDAO is secure and ready to take them to the next stage.“ 

“With CRV, we are doing governance token distribution, staking and voting in a new way,” said Michael Egorov, founder of Curve Finance. “Quantstamp worked closely with us to help make sure this new design will work in the field.”

Curve Finance

Launched in January, 2020, Curve’s user adoption has been steady. It currently has over $1B in deposits and processes over $60M of daily volume*.

Users can conduct low-slippage trades on Curve Finance, or provide liquidity to the platform for a portion of trading fees. Through integration with third party DeFi projects such as Yearn Finance, Compound, and Synthetix, liquidity providers also earn extra yield on top of trading fees. This yield comes from lending platform fees and token incentives. 

Liquidity providers can now also claim CRV, the native governance token. 

What is CRV?

CRV is a governance token for CurveDAO, an Aragon DAO that governs the Curve Finance platform. 

Unlike standard on-chain governance systems, Curve’s voting mechanism weights both time and amount staked. Users who lock up their CRV tokens longer have their vote counted more, and so do users who lock up more tokens.

Besides increased voting power, users who lock up their CRV and vote also increase their CRV reward distribution. This incentivizes governance participation.

If you wish to learn how to provide liquidity on Curve to earn CRV, or learn more about the CRV token, the Curve blog has more details. 

CRV Distribution

Curve’s CRV token has a total supply of 3.03 billion, with 62% being distributed through liquidity mining. Users who provide liquidity on Curve Finance will earn a share of these rewards. 

5% of the initial distribution will go to users who have already supplied liquidity on Curve prior to CRV’s launch. The remaining 57% will be distributed going forward. Distribution is decided through the user’s share of the liquidity on Curve, as well as their participation in CurveDAO governance. Curve’s Medium Article has more details on the distribution, staking and voting mechanics of CRV. 

Quantstamp’s audit covered the Vyper smart contracts controlling the token reward mechanism as well as the controller logic used to distribute the tokens. Three engineers, including two PhDs, looked at four Vyper smart contracts: LiquidityGauge, GaugeController, LiquidityGaugeReward, and VestingEscrow from 7-21-2020 through 8-05-2020. Issues found were communicated to Curve, fixes were implemented by them, and we issued the final report 

During the audit, a total of 11 potential issues with varying levels of severity were found: one high-severity, one medium-severity, one low-severity, one undetermined-severity, and seven informational-level findings. Additionally, several best practices recommendations were also made regarding naming, documentation, and other suggestions. Several of the issues, including all high risk issues, were addressed by the Curve team. 

The full audit report can be found on the CurveDAO site here.

*as of August 18th, 2020, according to Curve.fi statistics

About Curve

Curve is an exchange liquidity pool on Ethereum designed for extremely efficient stablecoin trading, and low risk, supplemental fee income for liquidity providers, without opportunity cost.

Curve allows users and smart contracts like 1inch, ParaSwap, Totle and DEX.AG to trade between DAI and USDC with a bespoke low slippage, low fee algorithm designed specifically for stablecoins and earn fees. Behind the scenes, the liquidity pool is also supplied to the Compound protocol or yearn.finance where it generates even more income for liquidity providers.

About Quantstamp

Quantstamp is a leader in blockchain security, having performed over 140 audits and secured over $5 billion of value. Top crypto and enterprise companies including MakerDAO, Chainlink, eToro, and World Economic Forum choose Quantstamp to secure their blockchain applications. 

Keep up with Quantstamp and the latest industry trends 🛡
Sign up for our newsletter 📬
Keep up with Quantstamp and the latest industry trends 🛡
Sign up for our newsletter 📬
Quantstamp Announcements

Monthly Hacks Roundup: March 2024

March was a volatile month for the web3 security landscape, with significant security breaches totalling over $152 million in losses. Read on as we dive into four major security incidents and the trends from last month 👇

Read more
Quantstamp Announcements

Modular Account: How Audits Can Help Shape Standards And Catalyze Mass Adoption

Quantstamp recently conducted a smart contract audit for Alchemy’s Modular Account, a wallet implementation designed from the ground up for ERC-4337 and ERC-6900 compatibility including two plugins

Read more
Quantstamp Announcements

Quantstamp 2023 Web3 Security Year In Review

As the year comes to a close, we wanted to take a moment to reflect on this year’s biggest hacks, root causes, and noteworthy trends.

Read more
Services
AuditsInfrastructure AuditsEconomic ExploitsInsuranceDeFi Protection
Resources
Audit ReportsAudit Readiness Guide
About
BlogTeamMediaCareers
Back to Top
Follow
Quantstamp logo

Request an Audit

Quantstamp works with a wide variety of teams ranging from new DeFi protocols to established enterprises. 

Share some details about what you’re building and someone from our team will reach out as soon as possible. We appreciate your interest and look forward to hearing about your project!

Close
We received your request successfully

Thank you for expressing your interest in a smart contract audit. You will receive a confirmation email from us and our team will be in touch with you within the next few days.

In the meantime, please consider getting your code and documentation ready in accordance with the Audit Readiness Checklist.

Close
Oops! Something went wrong while submitting the form.
Quantstamp logo

Contact Our Press Team

Are you interested in writing about Quantstamp or learning more about us? 

Fill out the form and we will contact you shortly. We look forward to meeting you.

High-caliber team
Stellar track record
Chain agnostic
Strategic partnerships
Close
We received your request successfully

Thank you for contacting our press team. We will get in touch with you in the next few days.

Close
Oops! Something went wrong while submitting the form.
Quantstamp logo

Contact Us

Let us know how you would like to collaborate with us.

Close
Success
We received your request successfully

Thank you for expressing your interest in Quantstamp. We will contact you as soon as we review your message.

Close
Oops! Something went wrong while submitting the form.